Back to skill
Skillv0.1.5
VirusTotal security
Ai Video Generation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:31 AM
- Hash
- 19edc9fd92575803986ace8a58f890ad5086ad48a705312e24b9bfbf2b4c964a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-video-generation Version: 0.1.5 The skill is classified as suspicious due to the use of `curl -fsSL https://cli.inference.sh | sh` for installation, which is an inherently high-risk method as it executes arbitrary remote code. While the `SKILL.md` claims the script is safe, this relies on trust in the remote server. Additionally, the `allowed-tools: Bash(infsh *)` permission grants the AI agent broad capabilities to execute `infsh` commands, which, combined with user-supplied inputs (especially URLs in JSON payloads), could introduce vulnerabilities like command injection or SSRF if the `infsh` CLI tool does not properly sanitize its arguments or handle external resources securely. There is no evidence of intentional malicious behavior like data exfiltration or persistence within the skill's instructions, but these are significant potential vulnerabilities.
- External report
- View on VirusTotal